Microsoft announced that the Windows Azure cloud platform allows customers to meet HIPAA regulations on business associate agreements.

Microsoft now offers business associate agreements (BAA) for Windows Azure Core Services under the Health Insurance Portability and Accountability Act (HIPAA), the company announced in a July 25 blog post.

Under the HIPAA Privacy rule, covered entities (a doctor, health insurance provider or health care clearing-house) must include a BAA for documentation when seeking access to protected health information (PHI).

"Microsoft is really ready now to stand up and be the trusted steward for covered entities," Dr. Mohamed Ayad, industry technical solution specialist for U.S. Health & Life Sciences at Microsoft, told eWEEK.

"PHI can reside safely in a Microsoft data center; now, we're extending that to cover Azure as well," said Ayad.

PHI includes anything that would identify a patient, such as an electronic health record or medical claim, he explained.

"In the past, one of the major concerns with moving that information to the cloud was how do we secure that data and make sure it's safe," said Ayad. "Now, a provider can put that data in Azure Core Services and be sure it's in a HIPAA-secure environment."

In December, Microsoft announced that the Office 365 cloud office-productivity platform offers HIPAA-compliant capabilities for users, and earlier this year, it also introduced a BAA for its Dynamics customer-relationship management software.

Microsoft will offer BAA agreements in Azure for Web and worker roles in Cloud Services as well as tables, queues and binary large objects (BLOBS), which store unstructured data, such as video, audio and images.

Companies also can obtain BAAs for infrastructure as a service (IaaS) virtual machines and Windows Azure Connect, a machine-to-machine link between Azure and on-premise database servers and domain controllers.